C++: Add MaD barrier guard tests.

2026-04-29 02:35:15 +02:00 · 2026-01-15 17:45:38 +00:00
parent dc7ce3fba3
commit 2b31928c7b
3 changed files with 52 additions and 5 deletions
--- a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.cpp
@@ -12,4 +12,39 @@ void testCheckArgument(int p) {
  if (checkArgument(&p)) {
    sink(p); // $ barrier=glval<int> indirect_barrier=int
  }
+}
+
+int* get_clean_value(int* x) { return x; }
+bool is_clean_value(int*);
+
+int* get_clean_pointer(int* x) { return x; }
+bool is_clean_pointer(int*);
+
+void sink(int);
+void sink(int*);
+
+void test_mad(int x, int* p) {
+	{
+		if(is_clean_value(&x)) {
+			sink(x); // $ MISSING: external=int
+		}
+	}
+
+	{
+		if(is_clean_value(p)) {
+			sink(*p); // $ MISSING: external=int
+		}
+	}
+
+	{
+		if(is_clean_pointer(p)) {
+			sink(p); // $ MISSING: external=int*
+		}
+	}
+
+	{
+		if(is_clean_pointer(&x)) {
+			sink(x); // $ MISSING: external=glval<int>
+		}
+	}
 }
--- a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ext.yml
+++ b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ext.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierModel
+    data:
+      - ["", "", False, "get_clean_pointer", "", "", "ReturnValue", "test-barrier", "manual"]
+      - ["", "", False, "get_clean_data", "", "", "ReturnValue[*]", "test-barrier", "manual"]
+  - addsTo:
+        pack: codeql/cpp-all
+        extensible: barrierGuardModel
+    data:
+      - ["", "", False, "is_clean_value", "", "", "Argument[*0]", "true", "test-barrier", "manual"]
+      - ["", "", False, "is_clean_pointer", "", "", "Argument[0]", "true", "test-barrier", "manual"]
--- a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql
+++ b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql
@@ -2,6 +2,7 @@ import cpp
 import semmle.code.cpp.dataflow.new.DataFlow
 import semmle.code.cpp.controlflow.IRGuards
 import utils.test.InlineExpectationsTest
+import semmle.code.cpp.dataflow.ExternalFlow

 predicate instructionGuardChecks(IRGuardCondition gc, Instruction checked, boolean branch) {
  exists(CallInstruction call |
@@ -31,13 +32,11 @@ module Test implements TestSig {
  string getARelevantTag() { result = ["barrier", "indirect_barrier"] }

  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node node, string s |
-      indirectBarrierGuard(node, s) and
-      value = s and
+    exists(DataFlow::Node node |
+      indirectBarrierGuard(node, value) and
      tag = "indirect_barrier"
      or
-      barrierGuard(node, s) and
-      value = s and
+      barrierGuard(node, value) and
      tag = "barrier"
    |
      element = node.toString() and